x0rz is a user on mastodon.social. You can follow them or interact with them if you have an account anywhere in the fediverse. If you don't, you can sign up here.

x0rz @x0rz@mastodon.social

Pinned toot

Tweets are automatically forwarded from twitter.com/x0rz

please everyone welcome @l0xbot on Twitter 🔥

Interesting sandbox evasion technique based on the fact "Sanbox won't run other softwares to avoid overlapping behaviours, but real users do" gitlab.com/brn1337/sandbox-det

It listened on localhost only, but was exploitable through DNS rebinding (see article above)

Wow, Visual Studio Code (1.19.0 to 1.19.2) was silently listening on 9333/tcp. It was a debug port with obvious RCE! medium.com/0xcc/visual-studio-

Cool little trick, simple persistence technique to stay hidden from autoruns.exe (using the RunOnceEx registry key) oddvar.moe/2018/03/21/persiste

PSA: OTR *does not* encrypt file transfers

Frankly, this is actually sad and quite useless, no more subreddit? DNM users will just use another service to share insights.

In case you need some Bitcoin-only & Tor friendly VPS hosted in Romania, I recommend box.cock.li/?r=495 (referral) 👌

That makes sense, because stopping at that moment they would have betrayed themselves? Tough decision but good call

Fun fact: the CIA did continue its cyber operations after the release of documents, according to Kaspersky (and if the Slingshot APT was indeed the CIA) t.co/wAGcdOaQ8T

The DNS madness: 185 RFCs totaling 2781 pages. That is why nobody can fully understand DNS and all the extensions 😱 datatracker.ietf.org/meeting/1 (PDF) t.co/QeVmw11rbc

Vintage opsec posters (WW2 or Cold War era) are actually pretty cool, unique art style.
Russia military recently issued a few posters covering new modern threats southfront.org/information-sec

You might think it's a cyber-era poster, but it's not. It's actually from the 80's. t.co/8V4Gb4HWPZ